[
https://issues.apache.org/jira/browse/NIFI-13933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893148#comment-17893148
]
ASF subversion and git services commented on NIFI-13933:
--------------------------------------------------------
Commit b6952f124629fec201d479105d9246647788fd0a in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=b6952f1246 ]
NIFI-13933 Upgraded Spring Security to 6.3.4 and other dependencies
This closes #9450
- Upgraded Spring Security from 6.3.3 to 6.3.4
- Upgraded Hadoop from 3.4.0 to 3.4.1
- Upgraded Velocity Engine Core from 2.3.0 to 2.4.1
- Upgraded Parquet Avro from 1.13.1 to 1.14.3
- Upgraded Google Libraries from 26.47.0 to 26.49.0
- Set protobuf-java to 3.25.5 for calcite-core and amazon-kinesis-client
libraries
- Updated Dependency Check suppressions
Signed-off-by: Joseph Witt <[email protected]>
> Upgrade Spring Security to 6.3.4 and Address Dependency Check Findings
> ----------------------------------------------------------------------
>
> Key: NIFI-13933
> URL: https://issues.apache.org/jira/browse/NIFI-13933
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Spring Security dependencies should be upgraded to 6.3.4 to address findings
> for CVE-2024-38821. This vulnerability applies to WebFlux libraries that NiFi
> does not use.
> In addition, recent Dependency Check Plugin reports include a number of false
> positives related to Azure Identity libraries. False positives should be
> suppressed and other impacted dependencies should be upgraded.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
